What happened:
After migrating from Net6 to Net8 AspNetCore.HealthChecks.OpenIdConnectServer reports the following issue :
"description": "Invalid discovery response - 'id_token_signing_alg_values_supported' must contain the following values: RS256!",
What you expected to happen:
result should be Healthy as our idserver uses PS256 Algorithm.
and our jwks endpoint :
{"keys":[{"kty":"RSA","use":"sig","kid":"XXXX","alg":"PS256"}]}
How to reproduce it (as minimally and precisely as possible):
Use our discovery document :
services.AddHealthChecks() .AddIdentityServer( idSvrUri: new Uri("https://si30-staging-sso-web.azurewebsites.net")
Or Use your own Duende server where you'll implement ISigningCredentialStore with PS256
public async Task<SigningCredentials> ISigningCredentialStore.GetSigningCredentialsAsync()
{
var key = [...]
return new SigningCredentials(key, SecurityAlgorithms.RsaSsaPssSha256);
}
.NET Core version
8.0.300
Healthchecks version
8.0.3
Operative system:
win11 ; docker linux
Others:
This issue is relative i think to this one : #2152
What happened: After migrating from Net6 to Net8 AspNetCore.HealthChecks.OpenIdConnectServer reports the following issue :
"description": "Invalid discovery response - 'id_token_signing_alg_values_supported' must contain the following values: RS256!",
What you expected to happen: result should be Healthy as our idserver uses PS256 Algorithm.
This is confirmed by our discovery document :
and our jwks endpoint :
{"keys":[{"kty":"RSA","use":"sig","kid":"XXXX","alg":"PS256"}]}
How to reproduce it (as minimally and precisely as possible): Use our discovery document :
services.AddHealthChecks() .AddIdentityServer( idSvrUri: new Uri("https://si30-staging-sso-web.azurewebsites.net")
Or Use your own Duende server where you'll implement ISigningCredentialStore with PS256